Distinguishing device-specific versus model-specific RF fingerprints in Bluetooth devices

Determine whether the radio-frequency fingerprints extracted from Bluetooth Classic devices—specifically carrier frequency offset and signal amplitude scaling factor—are primarily device-specific (unique to individual hardware units) or model-specific (shared across units of the same model), and characterize the conditions under which each type of specificity holds to assess the privacy implications of RF fingerprinting.

Background

The study records Bluetooth Classic communications from six devices in a radio-frequency isolated environment using two Ettus Research B210 SDRs capturing 80 MHz of bandwidth. Packets are detected via energy detection and dehopping, then low-pass filtered to extract the carrier frequency offset (CFO) and an amplitude scaling factor, which serve as the RF fingerprints. A k-nearest neighbors classifier achieves 84% accuracy across the tested devices, indicating that device identification via RF fingerprints is feasible.

Despite these results, the authors note that real-world conditions such as multipath interference, device movement, and temperature-dependent CFO variability may affect fingerprint stability and classification accuracy. Crucially, the authors explicitly state that it remains unclear whether the observed fingerprints are device-specific or model-specific, a distinction with direct privacy implications: device-specific fingerprints would enable tracking of individual units, whereas model-specific fingerprints would identify device types without uniquely tracking individual devices.
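One way to turn the device-versus-model question into a measurable test, given as an added example that is not code or data from the paper: run leave-one-out k-nearest neighbors on (CFO, amplitude scaling factor) pairs and compare unit-level accuracy with model-level accuracy. The fingerprint centres, the Gaussian noise, k=5, the presence of two units per model, and all function names are assumptions constructed for illustration.

```python
import math
import random
import statistics
from collections import Counter

# Constructed fingerprint centres: (model, unit, CFO in Hz, amplitude scaling factor).
# MODEL_SPECIFIC: units of a model share one centre. DEVICE_SPECIFIC: each unit has its own.
MODEL_SPECIFIC = [("X", "X1", 12e3, 0.80), ("X", "X2", 12e3, 0.80),
                  ("Y", "Y1", -8e3, 1.10), ("Y", "Y2", -8e3, 1.10)]
DEVICE_SPECIFIC = [("X", "X1", 12e3, 0.80), ("X", "X2", 15e3, 0.86),
                   ("Y", "Y1", -8e3, 1.10), ("Y", "Y2", -11e3, 1.16)]

def simulate(units, per_unit=40, seed=1):
    """Draw noisy (CFO, amplitude) observations per unit; Gaussian noise is an assumption."""
    rng = random.Random(seed)
    return [((rng.gauss(cfo, 500.0), rng.gauss(amp, 0.01)), model, unit)
            for model, unit, cfo, amp in units for _ in range(per_unit)]

def zscore(samples):
    """Standardise each feature so CFO in Hz does not swamp the amplitude factor."""
    cols = list(zip(*(s[0] for s in samples)))
    mu = [statistics.fmean(c) for c in cols]
    sd = [statistics.pstdev(c) for c in cols]
    return [(tuple((v - m) / s for v, m, s in zip(feat, mu, sd)), model, unit)
            for feat, model, unit in samples]

def loo_knn(samples, k=5):
    """Leave-one-out k-NN vote on (model, unit); returns (unit accuracy, model accuracy)."""
    unit_hits = model_hits = 0
    for i, (feat, model, unit) in enumerate(samples):
        others = samples[:i] + samples[i + 1:]
        nearest = sorted(others, key=lambda s: math.dist(feat, s[0]))[:k]
        guess = Counter((s[1], s[2]) for s in nearest).most_common(1)[0][0]
        model_hits += guess[0] == model
        unit_hits += guess[1] == unit
    return unit_hits / len(samples), model_hits / len(samples)

def evaluate(units):
    """Full pipeline for one scenario: simulate, standardise, classify."""
    return loo_knn(zscore(simulate(units)))

if __name__ == "__main__":
    for name, units in (("model-specific", MODEL_SPECIFIC), ("device-specific", DEVICE_SPECIFIC)):
        unit_acc, model_acc = evaluate(units)
        print(f"{name}: unit accuracy {unit_acc:.2f}, model accuracy {model_acc:.2f}")
```

High model accuracy with unit accuracy near chance among same-model units indicates model-specific fingerprints; high unit accuracy among same-model units indicates device-specific ones, the case with the stronger tracking implications.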

References

At the current stage of our research, the distinction between device-specific and model-specific fingerprints remains unclear, with device-specific fingerprints carrying more significant privacy implications.

An experimental study: RF Fingerprinting of Bluetooth devices (2402.06250 - Rušiņš et al., 2024) in Discussion and conclusions, final paragraph